A hacking group has stolen $1 billion from up to 100 financial institutions worldwide, according to a new analysis released by Kaspersky Lab, Interpol and Europol.
The Carbanak criminal gang is said to have targeted banks, e-payment systems and other FIs across 30 countries in a wave of sophisticated cyber attacks over the last two years, some of which are still active.
It is estimated that sums of up to $10 million were stolen in each raid, with each robbery taking between two and four months from infecting the first computer in the bank’s corporate network to the thieves collecting the money.
Outlining how the attacks took place, Kaspersky Lab said that the cyber criminals began by gaining entry into an employee’s computer through spear phishing, and infecting the victim with the Carbanak malware.
The hackers were then able to jump into the internal network and track down administrators’ computers for video surveillance. This allowed them to see and record everything that happened on the screens of staff who serviced the cash transfer systems, and to then mimic staff activity in order to transfer money out.
The fraudsters accessed the cash by depositing funds from the banks’ accounts into their own accounts, which were often based in China or America. They also used a technique to ‘inflate’ account balances and transfer the extra amounts, so that customers would not see any loss to their original balance. Another method involved seizing control of banks’ ATMs and ordering them to dispense cash at a pre-determined time, when a gang member would be waiting to collect it.
Sergey Golovanov, principal security researcher at Kaspersky Lab’s global research and analysis team, said: “These bank heists were surprising because it made no difference to the criminals what software the banks were using. So, even if its software is unique, a bank cannot get complacent. The attackers didn’t even need to hack into the banks’ services: once they got into the network, they learned how to hide their malicious plot behind legitimate actions. It was a very slick and professional cyber robbery.”
Latest News
-
Revolut reveals 2025 vision featuring AI assistant, mortgages, and ATMs
-
ZA Bank launches cryptocurrency trading in ‘Asia first’
-
BIAN launches new developer tools
-
Canadian banks leading on AI, says founder of Evident AI Index
-
Barclays fined £40m over Qatar fundraising failures from 2008
-
Mastercard Multi-Token Network connects to JP Morgan’s Kinexys Digital Payments for settlement
The human firewall: Activating employees to safeguard financial data
As financial services increasingly embrace SaaS and cloud-based technologies, they face emerging threats to safeguard sensitive customer data. While comprehensive IT security measures are essential, the active involvement of employees across organisations is pivotal in ensuring the protection of sensitive data.
Building a secure financial future for instant payments: The convergence of ISO 20022 and fraud detection
The financial landscape is rapidly evolving its approach to real-time transactions under the ISO 20022 standard, and financial institutions must take note. With examples such as the accelerated adoption of SEPA Instant Credit Transfers in Europe and proposed New Payment Architecture (NPA) programme in the UK, the need for swift and effective fraud detection is more crucial than ever.
Data Streaming and Consumer Duty: Transforming customer experience in banking
Introduced at the end of July, the Consumer Duty is a game-changing new set of rules and guidance for financial services institutions in the UK, and companies must look to modernise their systems in adherence with it in mind to create the best customer experience possible.
From insight to action: Empowering financial institutions through advanced technology and collaborative information sharing
The use of Information sharing in enhancing financial crime prevention has been universally agreed as being beneficial. However no-one has been able to agree on how information can be shared safely without breaching data protection laws or having the right systems to facilitate this, Information sharing has re-emerged as a major consideration for financial institutions (FIs) ahead of the Economic Crime and Corporate Transparency Bill being made into law in the UK.
© 2019 Perspective Publishing Privacy & Cookies
Recent Stories